Security Alerts and Updates

  Susan Bradley’s Master Patch List  (Windows)
•  AskWoody Newsletters and Alerts
  Latest Security Updates for Apple Software
•  AV Mac Security Test & Review 2019
•  AV Real-World Protection Test February-May 2019

August, 2019  (Click listings for more information) .
19  VLC Media Player 3.0.8 released with 13 security fixes.
19  Hackers use fake NordVPN website to deliver banking Trojan.
18  Hy-Vee warns customers about point-of-sale breach.
18  This Week in Security – by Zack Whittaker.
18  Router network isolation broken by covert data exfiltration.
18  Steam accounts being stolen through free game scam.
18  Windows 10 updates  versions 1809, 1709, 1703, 1607, & 1507.
17  Microsoft confirms Windows 10 1903 update error 0x80073701.
17  Windows updates rolling out to fix Visual Basic issues.
17  Attack exploiting Bluetooth weakness can intercept sensitive data.
16  The Week in Ransomware – Fairly Slow.
16  Steam security saga continues with vulnerability fix bypass.
16  Mozilla Firefox bug let third-parties access saved passwords.
16  Phone numbers exposed by password reset processes.
16  Microsoft warns of phishing attacks using custom 404 pages.
15  Windows 10 1903 users report errors installing KB4512508.
15  Windows 10 updates cause Visual Basic apps to stop responding.
15  Unique Kaspersky AV user ID allowed 3rd-party web tracking.
15  Microsoft voicemail notifications used in phishing campaign.
15  Trend Micro fixes privilege escalation bug in Password Manager.
14  Microsoft releases the security updates for Office.
14  Chrome OS 76 brings virtual desktops & improved media controls.
14  Windows CTF flaws enable attackers to compromise systems.
14  Windows 7 SHA-2 updates blocked if Symantec, Norton AVs installed.
13  Patch Tuesday, August 2019 Edition, Krebs on Security.
13  Microsoft’s August 2019 Patch Tuesday fixes 96 vulnerabilities.
13  Windows 10 cumulative update KB4512508 & KB4511553 released.
13  Microsoft warns of new wormable Remote Desktop flaws.
13  August 2019 Security patches: It’s a biiiiiiiiig month.
13  Adobe releases security updates for Reader, Photoshop, & more.
12  Steam fixes security vulnerabilities, researchers don’t agree.
12  4G router vulnerabilities let attackers take full control.
12  Make sure Windows Auto Update is turned off temporarily.
12  Is Windows pushing you to upgrade? Don’t be bullied.
12  Beware of fake Microsoft account unusual sign-in activity emails.
11  Canon DSLR camera infected with ransomware over the air.
11  This Week in Security – by Zack Whittaker.
10  Over 40 Windows hardware drivers vulnerable to privilege escalation.
10  Google Chrome Incognito mode can still be detected.
09  The Week in Ransomware – Summer Doldrums.
09  Android apps with over 100M installs contain a clicker Trojan.
09  Websites can still detect if you’re using Incognito mode.
08  Steam zero-day vulnerability affects over 100 million users.
08  Microsoft warns against BlueKeep, advises users to update systems.
08  Patch Lady – Windows 10 patching podcast.
08  Microsoft contractors listen to some Skype calls.
07  State Farm accounts compromised in credential stuffing attack.
07  Who Owns Your Wireless Service? Crooks Do.
07  Microsoft ignored RDP vulnerability until it affected Hyper-V.
07  Patch lady – watch out for inplace upgrade side effects.
07  Microsoft releases August 2019 Office updates with fixes.
07  Leapfrog children’s tablet owners should remove Pet Chat now.
06  Some Surface users are unable to connect to 5GHz Wi-Fi after latest update.
06  Advanced Protection Program now scans for risky downloads in Chrome.
06  Vulnerability in modern CPUs fixed in Windows, Linux, ChromeOS.
06  Amazon phishing scam creates login prompts in PDF docs.
06  FBI warns of romance scams turning victims into money mules.
06  El Paso & Dayton tragedy-related scams & malware campaigns.
05  CafePress data breach exposes personal info of users.
05  Surface firmware/driver updates galore.
05  StockX hack exposes personal information of customers.
04  Beware of emails “Confirm Your Unsubscribe” requests.
04  This Week in Security – by Zack Whittaker.
04  Extortion emails on the rise: a look at the different types.
03  The Week in Ransomware – More of the Same.
02  NVIDIA patches security flaws in Windows GPU display driver.
02  It’s time to install most of July’s Windows & Office patches.
02  Multiple Surface devices get firmware and driver updates.
01  Adware abuses Microsoft Smartscreen to boost AV evasion.
01  New malware uses your PC to hide malicious traffic.
01  Some Windows 10 S users are unable to switch out of S mode.
01  FTC releases alert on the Capital One data breach.
01  The BlueKeep situation gets murkier.

July, 2019  (Click listings for more information) .
31  Chrome hides WWW & HTTPS:// in the address bar again.
31  Bugs in Western Digital SSD utility puts owners at risk.
30  Chrome 76 released with new features & 43 security fixes.
30  Google reveals exploits for five security flaws in iOS.
30  Welcome to the Upside Down – by Woody Leonhard.
30  New TrickBot focuses on Microsoft’s Windows Defender.
29  Capital One data breach affects 106 million people.
29  iMessage flaw lets remote attackers read files on iPhones.
29  Android ransomware uses SMS spam to infect its victims.
29  Attackers are wiping Iomega NAS devices for ransom.
28  This Week in Security – by Zack Whittaker.
28  Reports of bogus Win10 1903 upgrade blocks, based on Intel RST drivers that aren’t there.
28  Nvidia releases hotfix driver to fix disappearing mouse cursor.
26  The Week in Ransomware – State of Emergency.
26  Microsoft releases cumulative update for Win10 version 1903.
26  Win10 devices using Kerberos realms may fail to start up.
26  Notorious MyDoom worm still on autopilot after 15 years.
26  Win10 1903 update blocked by old intel Rapid Storage drivers.
25  Microsoft Office 365 webmail exposes user’s IP address.
25  Unpatched vulnerabilities lurk in Comodo Antivirus.
25  US company selling weaponized BlueKeep exploit.
24  Keep calm – VLC not affected by critical vulnerability.
24  Malwarebytes AdwCleaner can now remove bloatware.
24  BlueKeep scanner discovered in cryptomining malware.
24  Surface Go gets security fixes for Spectre-like vul.
23  BlueKeep exploitation expected soon.
22  Windows 10 1809 cumulative update released.
22  Equifax data breach settlement – What you should know.
22  LooCipher Ransomware decryptor released for free.
22  Microsoft data collection raises privacy concerns.
22  Apple releases iOS 9.3.6 & iOS 10.3.4 for older devices.
22  Apple releases multiple security updates.
21  Patch Lady – MSRC blog moves.
21  How to get a list of installed Windows 10 updates.
21  This Week in Security – by Zack Whittaker.
21  IRS improved security but taxpayer data is still at risk.
21  Adware is the malware you should actually worry about.
19  The Week in Ransomware – Targeted Attacks.
19  Google will soon stop websites from knowing if you’re browsing in Incognito Mode.
18  Fake Office 365 site pushes Trojan as browser update.
18  Malware framework uses browser extension for ad fraud.
18  Still no sign of BlueKeep in the wild.
17  Some Office patches prevent saving DOC, XLS files.
17  Twitter tricked into showing misleading embedded links.
17  Update your Logitech wireless dongle right now.
17  Trojan-riddled WinRAR, Winbox, IDM spreads spyware.
16  American Express customers targeted by phishing attack.
16  Windows 10 1803 users are being auto-updated to 1903.
16  New updates available for Win10 1803, 1709, 1703 & 1607.
16  Sprint accounts breached by hackers via Samsung site.
16  FBI releases master decryption keys for Ransomware.
15  Evite invites over 100 million people to their data breach.
15  Win10 1903 bug may show black screen in Remote Desktop.
15  Windows 10 v1903 blocked on some Surface 2 devices.
15  Google Releases Security Updates for Chrome.
14  This Week in Security – by Zack Whittaker.
14  NCSC issues alert about active DNS hijacking attacks.
14  More bugs with the July Win10 version 1903 cumulative update.
12  The Week in Ransomware – July 12th – Under Siege.
12  Microsoft adds automatic phishing detection to Microsoft Forms.
12  Microsoft removes three Windows 10 1903 upgrade blocks.
12  Amazon accounts targeted by 16Shop phishing kit.
12  Fake DeepNude downloads gives you malware instead of nudes.
11  Windows 10 Cumulative Update causes restart alert loop.
11  Over 17,000 domains infected with code that steals card data.
11  iPhone Walkie-Talkie app is disabled due to eavesdropping vul.
10  Android devices get infected by malware disguised as Google-related apps.
10  Win10 SFC /scannow can’t fix corrupted files after update.
10  Telemetry functionality added to Win7 security-only patch.
10  Microsoft updates the Win10 version 1903 servicing stack.
09  Logitech Unifying receivers vul. to key injection attacks.
09  Patch Tuesday: Here’s what’s new for Windows 7 & 8.1.
09  Microsoft releases updates for all versions of Win10.
09  Microsoft releases Office updates with security fixes.
09  July 2019 Patch Tuesday has arrived.
09  Mozilla releases Firefox 68, & version 18 of Firefox for iOS.
08  Dridex banking Trojan, RMS RAT via fake eFax messages.
08  Microsoft discovers fileless Astaroth Trojan campaign.
08  “Sign In with Apple” risks privacy and security.
08  Patch Tuesday tomorrow – temp. block Windows Update.
07  Internet of Things – reset your “C by GE” light bulb.
07  This Week in Security – by Zack Whittaker.
06  How to manually install Windows 10 cumulative updates.
06  Beware of fake Microsoft OneNote Audio Note phishing emails.
05  The Week in Ransomware – Shadiness in the Sunshine State.
05  Microsoft may close account if inactive for two years.
05  Samsung update app charges for free firmware.
03  Beware eBay scrapers promising to help you.
03  It’s time to install the June Windows and Office patches.
02  Microsoft issues July 2019 Office Updates with fixes.
02  Google warns that Chrome to block abusive ads on July 9.
02  Some older Macs can’t install the Windows 10 May 2019 Update.
02  Android apps with millions of installs deceptively pushed ads.
01  BlueKeep PoC demonstrates risk of remote desktop exploit.
01  Android security update fixes four critical RCE flaws.
01  Billions of records leaked by smart home vendor.
01  Windows phones 8.x & 8 will no longer get app updates.
01  Illegal card enrollment services hijack online bank accounts.
01  Disabled registry backups is a Windows 10 feature.
01  Microsoft Patch Alert – by Woody Leonhard.
01  Extortion scam claims EternalBlue installed a backdoor.

June, 2019  (Click listings for more information) .
30  Windows 10 1903 Update bug causes RASMAN service to hang.
30  This Week in Security – by Zack Whittaker.
28  Surface devices get firmware updates with security fixes.
28  Open marketing database exposes 5 million personal records.
27  Windows 10 1903 cumulative update released with fixes.
27  Windows 10 1809 cumulative update released with fixes.
27  Another way to zap systems using Excel’s Power Query feature.
26  Google Chrome OS 75 released with ZombieLoad MDS mitigations.
25  Tech support scammers target search ads on ISP start pages.
25  BlueStacks flaw lets attackers remotely control Android emulator.
25  Malspam campaigns hide infostealers in ISO image files.
25  More than 2,000 potentially dangerous apps found on the Play Store.
24  Patch Lady – a new default I’m not fond of.
23  Win10 version 1903 disappearing Update settings described.
23  This Week in Security – by Zack Whittaker.
23  Dell patches SupportAssist, but other PC-Doctor software still vulnerable.
22  TripAdvisor invalidates member passwords found in data breaches.
22  OpenSSH to keep private keys encrypted at rest in RAM.
21  The Week in Ransomware – Backup, Backup, Backup!
21  LooCipher ransomware spreads its evil through spam.
21  Dell releases security advisory for Dell SupportAssist.
21  BlueKeep warnings boost patching in enterprise networks.
21  Win10 May 2019 updates break iSCSI SAN connectivity.
21  Microsoft releases out-of-band fixes for Win7 and Win8.1.
20  Win10 users are alerted if their PC isn’t ready for version 1903.
20  Desjardins Group data leak exposes info of 2.9 M members.
20  Microsoft releases Outlook for Android security update.
20  Mozilla Firefox 67.0.4 fixes 2nd actively exploited zero-day.
20  Apple security updates for AirPort 802.11n Wi-Fi Base Stations.
19  Microsoft prepares to autoupdate Windows 10 v1803 & earlier.
18  Windows 10 update released to fix privacy settings bug.
18  Department of Homeland Security email phishing scam.
18  Windows 10 updates released for all versions except 1903 & 1507.
18  Mozilla Firefox 67.0.3 patches actively exploited zero-day.
18  Open source clones unofficially sold on the Microsoft Store.
18  Google adds deceptive URL alerts to Chrome, URL add-on.
17  Android malware bypasses 2FA by stealing one-time passwords.
17  U.S. Govt achieves BlueKeep remote code execution, issues alert.
17  GandCrab 5.2 decryptor ends a bad ransomware story.
16  Phishing scam asks you to login to read encrypted message.
16  This Week in Security – by Zack Whittaker.
14  The Week in Ransomware – pyLocky and GandCrab cleans up.
14  Android Trojan leads users to scam sites via notifications.
14  WSH RAT malware targets bank customers with keyloggers.
14  AVG blocked Firefox’s access to saved passwords.
13  Mozilla Releases Security Update for Thunderbird.
13  Google Releases Security Updates for Chrome.
13  Twitter URLs can be manipulated to spread fake news & scams.
13  Microsoft is better at documenting patch problems, but….
12  Windows 10 v1903, v1809 updates break Event Viewer Custom Views.
12  Android’s security key now verifies sign-ins on iOS devices.
12  Flaw in Evernote add-on exposed sensitive data of millions.
12  Windows 10 v1903 upgrade blocked by USB drives partially fixed.
11  Intel releases security updates, mitigations for multiple products.
11  Microsoft releases June 2019 Office Updates with security fixes.
11  Microsoft blocks some Bluetooth devices due to security risks.
11  Patch Tuesday: Here’s what’s new for Windows 7 and 8.1.
11  Microsoft releases Windows 10 updates for all versions except for 1511.
11  June 2019 Patch Tuesday is rolling out.
11  Adobe releases security updates for Flash Player, ColdFusion, & Campaign.
10  Spam campaign controlled by attackers via DNS TXT records.
10  FBI issues warning on ‘secure’ websites used for phishing.
10  Make sure Windows automatic update is off.
09  This Week in Security – by Zack Whittaker.
09  VLC Media Player security updates were released on Friday.
09  Microsoft warns about email spam campaign abusing Office vul.
09  Opera, Brave, Vivaldi to ignore Chrome’s anti-ad-blocker changes.
07  The Week in Ransomware – GandCrab retires, and more.
07  Google search ads infiltrated again by tech support scams.
07  IRS Warns of New Tax Scams.
07  Google Chrome to limit Referer header size to block attacks.
07  The Windows 10 May 2019 Update is now available to anyone.
07  Windows 10 zero-day bug emerges from bypassing patched flaw.
06  New GoldBrute botnet is trying to hack 1.5 million RDP servers.
06  Phishing email warns: Add recovery number or account deleted.
06  Bug breaks Internet Explorer 11 on some Windows 10 versions.
06  Over 400,000 Opko Health clients impacted by AMCA data breach.
06  Microsoft warns against bypassing Office 365 spam filters.
04  NSA Releases Advisory on BlueKeep Vulnerability.
04  Chrome 75 released with 42 security fixes and new features.
04  New privacy features for Mozilla Firefox, Lockwise is live.
04  June 2019 non-Security Office updates are available.
04  It’s time to install the May Windows and Office patches.
03  Older Windows 10 versions get Intel Microcode updates for MDS vulns.
03  Windows 10 to require 32GB of storage only on new OEM PCs.
03  Improper app check revives the synthetic clicks issue in macOS Mojave.
03  Billing details for 11.9M Quest Diagnostics clients exposed.
02  Google outage in eastern U.S. affecting Gmail, YouTube, and more.
02  How to download a Windows 10 ISO by impersonating other devices.
02  This Week in Security – by Zack Whittaker.
02  New phishing scam asks you to manage your undelivered email.